Jump to content
Please Use CODE Tags

Python SQL query script?

KieuVanQuan
By KieuVanQuan
in Programming
 Share
Posted

Here's a .py script:

  

print "Content-Type: text/html\n"

#print "<result>Success<resultcode>0";

arguments = cgi.FieldStorage()

for i in arguments.keys():
	if i == "userpassword":
		password=arguments[i].value
	if i == "userid":
		userid=arguments[i].value
	if i == "useripaddress":
		useripaddress=arguments[i].value
		
#print "The user %s is trying to login with pass %s" % (userid,password)

#Search the user into the DB table
querystring="select COUNT(userid) as ucount from NineDragons_Account.dbo.Tbl_Member_Password where userid='%s' and userpassword='%s'" % (userid,password)
cur.execute(querystring)
rows = cur.fetchall()
usercount=rows[0].ucount
if usercount != 1:
	print "<result>Failure<resultcode>127";
	
else:
	print "<result>Success<resultcode>0";
	
cur.close()
sys.exit(0)

if userid == "%s"
	print "<result>Success<resultcode>0";

print "<br>END SCRIPT<br>"

 

Here's what it does:

it connects to MSSQL and then inside MSSQL to a specific table then selects 'userid' and 'userpassword' and then somehow combines them? Not sure....

There are two resultcodes and one of them is sent to the login server and depending on the resultcode it either lets you log in or keeps you locked out because you've provided wrong credentials.

 

Question is:

How do I alter this code so that I can use any 'userid'? I mean I want to modify this code so I can log in with any 'userid' of my desire even if that 'userid' does not exist in the database.

 

For example:

This 'userid' exists in database: admin1

Then I type this to login id field (on my client): dijocdoisacjio  (a random set of characters) and then it lets me in even though it does not exist in the DB. How can I do this?

 

I tried removing the condition itself but it crashed the login server.

 

(I already stripped off the password requirement so it lets me in with any password)

Here's how I did it:

 

print "<result>Success";#<resultcode>0";

 

If I type this under the !=1 then I can log in with any password but I still have to provde the correct 'userid' otherwise on my client it says login failed.

 

It is my own server, I just want to get into an older DB.

 

Can anyone help me?

CPU i5-4460 @ 3.2 ghzMotherboard Gigabyte GA-Z97X Gaming 7RAM 32gb Corsair Vengance 1600mhzGPU GTX-750 TICase Carbide 400R | SSD Plextor M8Pe(Y) 256gb NVME | SSHD Barracuda 1TB PSU CX430Display LG 29UM55-P Ultrawide | Keyboard Trust 3-way LEDMouse Razer Death Adder V2 Left Handed | Speakers Genius SW-HF 5.1 6000Headset Beyerdynamic DT770 PRO | Sound Card Xonar Essence STXIIOS Windows 8.1 x64 Professional, build 9600 | Theme(s) Windows 7, Vista & Aero from DeviantArt

Link to comment
https://linustechtips.com/topic/875224-python-sql-query-script/
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Programming

×